Independent researcher Luigi Auriemma publicly disclosed four vulnerabilities along with proof-of-concept (PoC) exploit code, including the vulnerability privately disclosed by ICST, without coordination with ARC Informatique, ICS-CERT, or any other coordinating entity known to ICS-CERT.

ARC Informatique confirmed these vulnerabilities and released a patch to address them. Researcher Kuang-Chun Hung tested the patch and validated that it resolves these vulnerabilities.

ARC Informatique said the following products are affected:
• PcVue — All versions from 6.xx onward
• FrontVue — All versions
• PlantVue — All versions

Successful exploitation of these vulnerabilities could result in denial of service, write to memory, file corruption, or remote code execution.

ARC Informatique is a France-based company that develops human-machine interface/supervisory control and data acquisition (HMI/SCADA) software used to interface with control systems.

According to ARC Informatique, PcVue is used across several sectors including manufacturing, building automation, chemical, banking and finance, electric utilities, and others. ARC Informatique estimates these products are used primarily in Europe, but also in the U.S. and around the world.